Do you know what GDPR is? It is the acronym for General Data Protection Law, sanctioned by President Michel Temer with the objective of increasing the privacy of personal data and the power of the regulators to oversee organizations. The document amends the Civil Internet Framework and arrives at a propitious time, marked by large leaks of information and scandals that rightly involve the misuse of personal information. 

Failure to comply with these obligations may result, for example, in very high fines that amount to up to R $ 50 million per infraction. Although this practice puts Brazil in the group of countries considered adequate in protecting citizens’ privacy, the expectation is that the coming months will be difficult and planning within corporations. Check out ten points to understand LGPD more:

• Objectives: The main goal is to ensure the privacy of people’s personal data and allow greater control over them. In addition, the law creates clear rules on the collection, storage and sharing of this information, helps to promote technological development in society and consumer protection itself..
• Motivations of the GDPR: There has been a great debate in the sector since 2010 on data protection. Among the factors that led to the approval of the Brazilian bill was the GPDR, a regulation approved by the European Union in May 2018. As this document has extraterritorial applicability, many Brazilian companies have already had to adapt to this new reality.
• Main points: the law is applied to all sectors of the economy; has extraterritorial application, that is, every company that has business in the country must suit it; user’s consent to collect personal information; holders may rectify, cancel or even request the exclusion of such data; creation of the National Data Protection Authority (ANPD); and the obligatory notification of any incident. the collection and processing of your personal data.
• Data Protection Officer: Organizations must now establish an Information Security Committee to review internal procedures. Within this government body there will be an exclusive professional for data protection and responsible for compliance with the new law.
• Maturity Assessment processes and Risk Impact: is the survey which conditions should be corrected by the company to guarantee that LGPD be fulfilled in all departments
•  Reducing exposure to risk: here, is the step of implementing measures to protect personal data at the base of the company. They can be security, technical and administrative, that prevent, combat or minimize the loss or unavailability of information assets due to threats that act on some vulnerabilities.
• Adoption of Privacy by Design: covers protection from designing the product or system being incorporated directly to the technological structures to the business model and the physical infrastructure. That is, privacy is present in the architecture itself, allowing the user to be able to preserve and manage the collection and processing of their personal data.